It's ridiculous. What are you saying ?? If I as a client, don't pay you for
having a stable and secure program you sell me a buggy one???? Not even M$ is
thinking this way anymore, although they continue to sell buggy OS.

On Sunday 26 September 2004 22:40, wirepair wrote:
> Charging for security of your own applications? That seems pretty backwards
> to me. Why should the client who buys your software with the expectation
> that it works and is secure have to pay for the fact that it isn't? So when
> my seat belts are broken, and my tires randomly explode, I have to pay the
> car manufacturer more money to get these features fixed?
>
> duh?
> -wire
>
> On Thu, 23 Sep 2004 10:16:40 -0700
>
> King Pang <kingpang (at) gmail (dot) com [email concealed]> wrote:
> > Hello,
> >
> > Our company developers Microsoft Solutions and I am responsible for
> > leading the security initiative in the corporation. I have spent a
> > lot of time and effort on how we should apply security guidance to our
> > product life cycle, such as adding threat modeling and doing security
> > review. But after I have convinced them that security is important,
> > we brought up a discussion on how we should charge our customers.
> >
> > Many of you have customer experience. They want to pay the minimum
> > and have all the features. If they can choose not to pay, they won't.
> > If we tell them threat modeling will add x human-weeks of development
> > and we have to charge them x thousand dollars more, they won't pay.
> > Moreover, they expect the system to be secure enough and if there is
> > anything wrong, they would think that is our fault.
> >
> > If any of you have any experience on dealing security with customers
> > and how you would deal with this issue, please throw in two cents. Any
> > comments or related articles would help too.
> >
> > Warm Regards.
>
> --
> Visit Things From Another World for the best
> comics, movies, toys, collectibles and more.
> http://www.tfaw.com/?qt=wmf

[ reply ]